Looks like some major ‘sploits have been identified for Greasemonkey:
“…In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.”
(From the “[Greasemonkey] greasemonkey for secure data over insecure networks / sites” thread on the Greasemonkey developer list)
The general agreement on the list is to totally disable or uninstall GM for the time being… Eeek.
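The quote ties the exposure to each script's `@include` scope. As an added example (not from the original post or the Greasemonkey project), the code below audits a user script's metadata block and flags scripts that run on every site, including those that omit `@include`; the sample scripts and probe host names are constructed, and `@exclude` lines are ignored.

```javascript
// Added example: audit the @include scope of Greasemonkey user scripts.

// Collect @name and @include values from the ==UserScript== metadata block.
function parseMetadata(source) {
  const meta = { name: null, includes: [] };
  let inBlock = false;
  for (const line of source.split(/\r?\n/)) {
    if (/^\s*\/\/\s*==UserScript==/.test(line)) { inBlock = true; continue; }
    if (/^\s*\/\/\s*==\/UserScript==/.test(line)) break;
    if (!inBlock) continue;
    const m = /^\s*\/\/\s*@(\w+)\s+(.*\S)\s*$/.exec(line);
    if (!m) continue;
    if (m[1] === 'name') meta.name = m[2];
    else if (m[1] === 'include') meta.includes.push(m[2]);
  }
  return meta;
}

// Turn an @include glob ("*" is the only wildcard) into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$', 'i');
}

// Constructed probe hosts: a pattern matching both is not tied to one site.
const PROBE_HOSTS = ['one.example', 'two.invalid'];
function matchesUnrelatedSites(pattern) {
  const re = globToRegExp(pattern);
  return ['http', 'https'].some(scheme =>
    PROBE_HOSTS.every(host => re.test(`${scheme}://${host}/page`)));
}

function auditScope(source) {
  const meta = parseMetadata(source);
  // No @include at all means the default "*" applies (per the quoted post).
  const defaulted = meta.includes.length === 0;
  const effective = defaulted ? ['*'] : meta.includes;
  const broad = effective.filter(matchesUnrelatedSites);
  return { name: meta.name, defaulted, broad, runsEverywhere: broad.length > 0 };
}

// Constructed sample scripts: scoped, explicit wildcard, and missing @include.
const SAMPLES = [
  '// ==UserScript==\n// @name Scoped\n// @include http://*.example.com/*\n// ==/UserScript==\nvoid 0;',
  '// ==UserScript==\n// @name Wildcard\n// @include *\n// ==/UserScript==\nvoid 0;',
  '// ==UserScript==\n// @name NoInclude\n// ==/UserScript==\nvoid 0;',
];
for (const src of SAMPLES) console.log(auditScope(src));
```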
http://www.cafepress.com/nomoremonkey
shame they don’t have black!
Uninstall GreaseMonkey or use version 0.3.5
Fire Greasemonkey was going to be the headline, but that didn’t seem to be direct enough so I changed to “Uninstall GreaseMonkey” which is Mark Pilgrim’s advice after the recent discovery that Greasemonkey has a major security …